1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143
|
// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/app_mode/app_mode_utils.h"
#include <stddef.h>
#include <optional>
#include "base/check.h"
#include "base/command_line.h"
#include "base/containers/contains.h"
#include "base/feature_list.h"
#include "base/strings/string_split.h"
#include "chrome/app/chrome_command_ids.h"
#include "chrome/browser/policy/policy_util.h"
#include "chrome/common/chrome_switches.h"
#include "chrome/common/pref_names.h"
#include "components/content_settings/core/common/content_settings_pattern.h"
#include "components/permissions/features.h"
#include "components/prefs/pref_service.h"
#include "url/gurl.h"
#if BUILDFLAG(IS_CHROMEOS)
#include "chromeos/components/kiosk/kiosk_utils.h"
#endif
namespace {
// If the device is running in forced app mode, returns the ID of the app for
// which the device is forced in app mode. Otherwise, returns nullopt.
std::optional<std::string> GetForcedAppModeApp() {
base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
if (!command_line->HasSwitch(switches::kForceAppMode) ||
!command_line->HasSwitch(switches::kAppId)) {
return std::nullopt;
}
return command_line->GetSwitchValueASCII(switches::kAppId);
}
// This method matches the `origin` with the url patterns from
// https://chromeenterprise.google/policies/url-patterns/. Note: just using the
// "*" wildcard is not allowed.
#if BUILDFLAG(IS_CHROMEOS)
bool IsOriginAllowedByPermissionFeatureFlag(
const std::vector<std::string>& allowlist,
const GURL& origin) {
if (allowlist.empty()) {
return false;
}
for (auto const& value : allowlist) {
ContentSettingsPattern pattern = ContentSettingsPattern::FromString(value);
if (pattern == ContentSettingsPattern::Wildcard() || !pattern.IsValid()) {
continue;
}
if (pattern.Matches(origin)) {
return true;
}
}
return false;
}
#endif
} // namespace
bool IsCommandAllowedInAppMode(int command_id, bool is_popup) {
DCHECK(IsRunningInForcedAppMode());
constexpr int kAllowed[] = {
IDC_BACK,
IDC_DEV_TOOLS,
IDC_DEV_TOOLS_CONSOLE,
IDC_DEV_TOOLS_INSPECT,
IDC_FORWARD,
IDC_RELOAD,
IDC_CLOSE_FIND_OR_STOP,
IDC_STOP,
IDC_RELOAD_BYPASSING_CACHE,
IDC_RELOAD_CLEARING_CACHE,
IDC_CUT,
IDC_COPY,
IDC_PASTE,
IDC_ZOOM_PLUS,
IDC_ZOOM_NORMAL,
IDC_ZOOM_MINUS,
IDC_CARET_BROWSING_TOGGLE,
};
constexpr int kAllowedPopup[] = {IDC_CLOSE_TAB};
return base::Contains(kAllowed, command_id) ||
(is_popup && base::Contains(kAllowedPopup, command_id));
}
bool IsRunningInAppMode() {
base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
return command_line->HasSwitch(switches::kKioskMode) ||
IsRunningInForcedAppMode();
}
bool IsRunningInForcedAppMode() {
return base::CommandLine::ForCurrentProcess()->HasSwitch(
switches::kForceAppMode);
}
bool IsRunningInForcedAppModeForApp(const std::string& app_id) {
DCHECK(!app_id.empty());
std::optional<std::string> forced_app_mode_app = GetForcedAppModeApp();
if (!forced_app_mode_app.has_value()) {
return false;
}
return app_id == forced_app_mode_app.value();
}
bool IsWebKioskOriginAllowed(const PrefService* prefs, const GURL& origin) {
#if BUILDFLAG(IS_CHROMEOS)
if (!chromeos::IsWebKioskSession()) {
return false;
}
if (policy::IsOriginInAllowlist(
origin, prefs, prefs::kKioskBrowserPermissionsAllowedForOrigins)) {
return true;
}
// TODO(b/341057883): Add KioskBrowserPermissionsAllowedForOrigins check.
std::vector<std::string> allowlist = base::SplitString(
permissions::feature_params::kWebKioskBrowserPermissionsAllowlist.Get(),
",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
return IsOriginAllowedByPermissionFeatureFlag(allowlist, origin);
#else
return false;
#endif
}
|